From b2d830e2aaca9344593c9dc40c06b3713ccc1b5e Mon Sep 17 00:00:00 2001
From: Martin Herkt <lachs0r@srsfckn.biz>
Date: Mon, 30 Oct 2017 05:36:03 +0100
Subject: store_url: only accept identity content encoding

Some servers (like IPFS gateways) will use chunked transfer encoding on
anything but identity content encoding. Also, probably fix a potential
zip bomb vulnerability.
---
 fhost.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fhost.py b/fhost.py
index 75986bc..283c9a2 100755
--- a/fhost.py
+++ b/fhost.py
@@ -234,7 +234,8 @@ def store_url(url, addr):
     if is_fhost_url(url):
         return segfault(508)
 
-    r = requests.get(url, stream=True, verify=False)
+    h = { "Accept-Encoding" : "identity" }
+    r = requests.get(url, stream=True, verify=False, headers=h)
 
     try:
         r.raise_for_status()
-- 
cgit v1.2.3